| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) | 2 * Copyright (C) 1999 Lars Knoll (knoll@kde.org) |
| 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) | 3 * (C) 1999 Antti Koivisto (koivisto@kde.org) |
| 4 * (C) 2001 Dirk Mueller (mueller@kde.org) | 4 * (C) 2001 Dirk Mueller (mueller@kde.org) |
| 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. | 5 * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Apple Inc. All rights reserv
ed. |
| 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> | 6 * Copyright (C) 2008 Nikolas Zimmermann <zimmermann@kde.org> |
| 7 * | 7 * |
| 8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
| 9 * modify it under the terms of the GNU Library General Public | 9 * modify it under the terms of the GNU Library General Public |
| 10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 } | 114 } |
| 115 | 115 |
| 116 void ScriptLoader::detach() | 116 void ScriptLoader::detach() |
| 117 { | 117 { |
| 118 if (!m_pendingScript) | 118 if (!m_pendingScript) |
| 119 return; | 119 return; |
| 120 m_pendingScript->dispose(); | 120 m_pendingScript->dispose(); |
| 121 m_pendingScript = nullptr; | 121 m_pendingScript = nullptr; |
| 122 } | 122 } |
| 123 | 123 |
| 124 // Helper function | 124 // Helper function. Must take a lowercase language as input. |
| 125 static bool isLegacySupportedJavaScriptLanguage(const String& language) | 125 static bool isLegacySupportedJavaScriptLanguage(const String& language) |
| 126 { | 126 { |
| 127 // Mozilla 1.8 accepts javascript1.0 - javascript1.7, but WinIE 7 accepts on
ly javascript1.1 - javascript1.3. | 127 // Mozilla 1.8 accepts javascript1.0 - javascript1.7, but WinIE 7 accepts on
ly javascript1.1 - javascript1.3. |
| 128 // Mozilla 1.8 and WinIE 7 both accept javascript and livescript. | 128 // Mozilla 1.8 and WinIE 7 both accept javascript and livescript. |
| 129 // WinIE 7 accepts ecmascript and jscript, but Mozilla 1.8 doesn't. | 129 // WinIE 7 accepts ecmascript and jscript, but Mozilla 1.8 doesn't. |
| 130 // Neither Mozilla 1.8 nor WinIE 7 accept leading or trailing whitespace. | 130 // Neither Mozilla 1.8 nor WinIE 7 accept leading or trailing whitespace. |
| 131 // We want to accept all the values that either of these browsers accept, bu
t not other values. | 131 // We want to accept all the values that either of these browsers accept, bu
t not other values. |
| 132 | 132 |
| 133 // FIXME: This function is not HTML5 compliant. These belong in the MIME reg
istry as "text/javascript<version>" entries. | 133 // FIXME: This function is not HTML5 compliant. These belong in the MIME reg
istry as "text/javascript<version>" entries. |
| 134 typedef HashSet<String, CaseFoldingHash> LanguageSet; | 134 DCHECK_EQ(language, language.lower()); |
| 135 DEFINE_STATIC_LOCAL(LanguageSet, languages, ()); | 135 return language == "javascript" |
| 136 if (languages.isEmpty()) { | 136 || language == "javascript1.0" |
| 137 languages.add("javascript"); | 137 || language == "javascript1.1" |
| 138 languages.add("javascript1.0"); | 138 || language == "javascript1.2" |
| 139 languages.add("javascript1.1"); | 139 || language == "javascript1.3" |
| 140 languages.add("javascript1.2"); | 140 || language == "javascript1.4" |
| 141 languages.add("javascript1.3"); | 141 || language == "javascript1.5" |
| 142 languages.add("javascript1.4"); | 142 || language == "javascript1.6" |
| 143 languages.add("javascript1.5"); | 143 || language == "javascript1.7" |
| 144 languages.add("javascript1.6"); | 144 || language == "livescript" |
| 145 languages.add("javascript1.7"); | 145 || language == "ecmascript" |
| 146 languages.add("livescript"); | 146 || language == "jscript"; |
| 147 languages.add("ecmascript"); | |
| 148 languages.add("jscript"); | |
| 149 } | |
| 150 | |
| 151 return languages.contains(language); | |
| 152 } | 147 } |
| 153 | 148 |
| 154 void ScriptLoader::dispatchErrorEvent() | 149 void ScriptLoader::dispatchErrorEvent() |
| 155 { | 150 { |
| 156 m_element->dispatchEvent(Event::create(EventTypeNames::error)); | 151 m_element->dispatchEvent(Event::create(EventTypeNames::error)); |
| 157 } | 152 } |
| 158 | 153 |
| 159 void ScriptLoader::dispatchLoadEvent() | 154 void ScriptLoader::dispatchLoadEvent() |
| 160 { | 155 { |
| 161 if (ScriptLoaderClient* client = this->client()) | 156 if (ScriptLoaderClient* client = this->client()) |
| 162 client->dispatchLoadEvent(); | 157 client->dispatchLoadEvent(); |
| 163 setHaveFiredLoadEvent(true); | 158 setHaveFiredLoadEvent(true); |
| 164 } | 159 } |
| 165 | 160 |
| 166 bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) c
onst | 161 bool ScriptLoader::isValidScriptTypeAndLanguage(const String& type, const String
& language, LegacyTypeSupport supportLegacyTypes) |
| 167 { | 162 { |
| 168 // FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is us
ed here to maintain backwards compatibility with existing layout tests. The spec
ific violations are: | 163 // FIXME: isLegacySupportedJavaScriptLanguage() is not valid HTML5. It is us
ed here to maintain backwards compatibility with existing layout tests. The spec
ific violations are: |
| 169 // - Allowing type=javascript. type= should only support MIME types, such as
text/javascript. | 164 // - Allowing type=javascript. type= should only support MIME types, such as
text/javascript. |
| 170 // - Allowing a different set of languages for language= and type=. language
= supports Javascript 1.1 and 1.4-1.6, but type= does not. | 165 // - Allowing a different set of languages for language= and type=. language
= supports Javascript 1.1 and 1.4-1.6, but type= does not. |
| 171 | |
| 172 String type = client()->typeAttributeValue(); | |
| 173 String language = client()->languageAttributeValue(); | |
| 174 if (type.isEmpty() && language.isEmpty()) | |
| 175 return true; // Assume text/javascript. | |
| 176 if (type.isEmpty()) { | 166 if (type.isEmpty()) { |
| 177 type = "text/" + language.lower(); | 167 String lowerLanguage = language.lower(); |
| 178 if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type) || isLegacySup
portedJavaScriptLanguage(language)) | 168 return language.isEmpty() // assume text/javascript. |
| 179 return true; | 169 || MIMETypeRegistry::isSupportedJavaScriptMIMEType("text/" + lowerLa
nguage) |
| 170 || isLegacySupportedJavaScriptLanguage(lowerLanguage); |
| 180 } else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module
") { | 171 } else if (RuntimeEnabledFeatures::moduleScriptsEnabled() && type == "module
") { |
| 181 return true; | 172 return true; |
| 182 } else if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSp
ace()) || (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySuppo
rtedJavaScriptLanguage(type))) { | 173 } else if (MIMETypeRegistry::isSupportedJavaScriptMIMEType(type.stripWhiteSp
ace()) || (supportLegacyTypes == AllowLegacyTypeInTypeAttribute && isLegacySuppo
rtedJavaScriptLanguage(type.lower()))) { |
| 183 return true; | 174 return true; |
| 184 } | 175 } |
| 185 | 176 |
| 186 return false; | 177 return false; |
| 187 } | 178 } |
| 188 | 179 |
| 180 bool ScriptLoader::isScriptTypeSupported(LegacyTypeSupport supportLegacyTypes) c
onst |
| 181 { |
| 182 return isValidScriptTypeAndLanguage(client()->typeAttributeValue(), client()
->languageAttributeValue(), supportLegacyTypes); |
| 183 } |
| 184 |
| 189 // http://dev.w3.org/html5/spec/Overview.html#prepare-a-script | 185 // http://dev.w3.org/html5/spec/Overview.html#prepare-a-script |
| 190 bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, Legacy
TypeSupport supportLegacyTypes) | 186 bool ScriptLoader::prepareScript(const TextPosition& scriptStartPosition, Legacy
TypeSupport supportLegacyTypes) |
| 191 { | 187 { |
| 192 if (m_alreadyStarted) | 188 if (m_alreadyStarted) |
| 193 return false; | 189 return false; |
| 194 | 190 |
| 195 ScriptLoaderClient* client = this->client(); | 191 ScriptLoaderClient* client = this->client(); |
| 196 | 192 |
| 197 bool wasParserInserted; | 193 bool wasParserInserted; |
| 198 if (m_parserInserted) { | 194 if (m_parserInserted) { |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 337 } | 333 } |
| 338 | 334 |
| 339 bool isSVGScriptLoader(Element* element) | 335 bool isSVGScriptLoader(Element* element) |
| 340 { | 336 { |
| 341 DCHECK(element); | 337 DCHECK(element); |
| 342 return isSVGScriptElement(*element); | 338 return isSVGScriptElement(*element); |
| 343 } | 339 } |
| 344 | 340 |
| 345 void ScriptLoader::logScriptMimetype(ScriptResource* resource, LocalFrame* frame
, String mimetype) | 341 void ScriptLoader::logScriptMimetype(ScriptResource* resource, LocalFrame* frame
, String mimetype) |
| 346 { | 342 { |
| 347 bool text = mimetype.lower().startsWith("text/"); | 343 String lowerMimetype = mimetype.lower(); |
| 348 bool application = mimetype.lower().startsWith("application/"); | 344 bool text = lowerMimetype.startsWith("text/"); |
| 349 bool expectedJs = MIMETypeRegistry::isSupportedJavaScriptMIMEType(mimetype)
|| (text && isLegacySupportedJavaScriptLanguage(mimetype.substring(5))); | 345 bool application = lowerMimetype.startsWith("application/"); |
| 346 bool expectedJs = MIMETypeRegistry::isSupportedJavaScriptMIMEType(lowerMimet
ype) || (text && isLegacySupportedJavaScriptLanguage(lowerMimetype.substring(5))
); |
| 350 bool sameOrigin = m_element->document().getSecurityOrigin()->canRequest(m_re
source->url()); | 347 bool sameOrigin = m_element->document().getSecurityOrigin()->canRequest(m_re
source->url()); |
| 351 if (expectedJs) { | 348 if (expectedJs) { |
| 352 return; | 349 return; |
| 353 } | 350 } |
| 354 UseCounter::Feature feature = sameOrigin ? (text ? UseCounter::SameOriginTex
tScript : application ? UseCounter::SameOriginApplicationScript : UseCounter::Sa
meOriginOtherScript) : (text ? UseCounter::CrossOriginTextScript : application ?
UseCounter::CrossOriginApplicationScript : UseCounter::CrossOriginOtherScript); | 351 UseCounter::Feature feature = sameOrigin ? (text ? UseCounter::SameOriginTex
tScript : application ? UseCounter::SameOriginApplicationScript : UseCounter::Sa
meOriginOtherScript) : (text ? UseCounter::CrossOriginTextScript : application ?
UseCounter::CrossOriginApplicationScript : UseCounter::CrossOriginOtherScript); |
| 355 UseCounter::count(frame, feature); | 352 UseCounter::count(frame, feature); |
| 356 } | 353 } |
| 357 | 354 |
| 358 bool ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
pilationFinishTime) | 355 bool ScriptLoader::executeScript(const ScriptSourceCode& sourceCode, double* com
pilationFinishTime) |
| 359 { | 356 { |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 520 if (isHTMLScriptLoader(element)) | 517 if (isHTMLScriptLoader(element)) |
| 521 return toHTMLScriptElement(element)->loader(); | 518 return toHTMLScriptElement(element)->loader(); |
| 522 | 519 |
| 523 if (isSVGScriptLoader(element)) | 520 if (isSVGScriptLoader(element)) |
| 524 return toSVGScriptElement(element)->loader(); | 521 return toSVGScriptElement(element)->loader(); |
| 525 | 522 |
| 526 return 0; | 523 return 0; |
| 527 } | 524 } |
| 528 | 525 |
| 529 } // namespace blink | 526 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2099853002:
Don't preload scripts with invalid type/language attributes (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master